The hottest Encryption Substack posts right now

And their main takeaways
Category
Top Technology Topics

The government ordering Apple to break its encryption is stupid, counter-productive and unworkable

Odds and Ends of History 1340 implied HN points 10 Feb 25
🕹 Technology Encryption Privacy Cybersecurity Government Policy Tech regulation
  1. The government's demand for Apple to break its encryption just doesn't make sense. It would create a security risk for everyone, not just criminals.
  2. End-to-end encryption is really important for keeping our data safe. If encryption is weakened, it puts everyone at risk of hacks and privacy violations.
  3. Tech companies like Apple might resist these government orders because it goes against their commitment to privacy. It's not just a principle; it also affects their business and user trust.

Who can you trust?

Glenn’s Substack 1395 implied HN points 07 Apr 23
🕹 Technology AI Deepfakes Encryption
  1. Questioning the trustworthiness of audio, video, and photographs due to the rise of deepfakes.
  2. Historically, relying on human witnesses has been essential in situations where visual evidence is questionable.
  3. Considering the utilization of specially trained observers, similar to Heinlein's concept of Fair Witnesses, to navigate the challenges of trust in evidence.

The Ethics of Cybersecurity

Rod’s Blog 615 implied HN points 17 Jan 24
🕹 Technology Cybersecurity Ethics Privacy Data Protection Encryption
  1. Cybersecurity is crucial for protecting personal information, financial assets, intellectual property, critical infrastructure, and national security.
  2. Ethical considerations in cybersecurity include principles like confidentiality, integrity, availability, and justice.
  3. Balancing security and privacy involves strategies like risk-based approaches, data minimization, using encryption, respecting privacy rights, and staying informed about cybersecurity trends.

Standards Body Considers Uncloaking Secret Encryption Algorithms

Zero Day 672 implied HN points 11 Oct 23
🕹 Technology Security Encryption Standards Algorithms
  1. European standards body may make new encryption algorithms public due to backlash over secrecy.
  2. Previously kept secret algorithms had major flaws, prompting consideration for greater transparency.
  3. Independent researchers found vulnerabilities, including intentional backdoors, in old encryption algorithms in use for over 25 years.

The death of early career gigs, encryption, and the Thread Boys' ascendency

Alex's Personal Blog 32 implied HN points 25 Nov 24
🕹 Technology AI Encryption Startups Data Privacy Tech Policy
  1. AI is taking over entry-level jobs, making it harder for newcomers to gain the experience they need. This could leave a gap when it comes to filling senior positions in the future.
  2. Encryption is really important for protecting our information and ensuring a stable economy. Weakening it could lead to big security problems for everyone.
  3. There's a trend of tech billionaires gaining more influence over government. This could change how policies are made, depending on who has the most money to back their causes.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Preventing model exfiltration with upload limits

Redwood Research blog 19 implied HN points 08 May 24
🕹 Technology Security Compression Modeling Encryption
  1. Preventing model exfiltration can be crucial for security; setting upload limits can be a simple yet effective way to protect large model weights from being stolen.
  2. Implementing compression schemes for model generations can significantly reduce the amount of data that needs to be uploaded, providing an additional layer of protection against exfiltration.
  3. Limiting uploads, tracking and controlling data flow from data centers, and restricting access to model data are practical approaches to making exfiltration of model weights harder for attackers.

Oracle-based Conditional payments on Bitcoin

LN Markets’ Newsletter 58 implied HN points 16 May 23
🕹 Technology Cryptocurrency Bitcoin Payment Encryption
  1. Oracle-based Conditional payments introduce a new way to handle conditional payments on Bitcoin by using oracles to attest to real-world events, allowing contracting parties to claim funds based on these attestations.
  2. Conditional payments rely on a third party for attestation, but in Oracle-based payments, the third party only attests events and does not execute contracts, improving security and trust in the process.
  3. Verifiable witness encryption plays a crucial role in setting up Oracle-based Conditional payments, ensuring that contracting parties can trust the oracle's attestations and claim funds accordingly.

Disservice Providers

Technically Optimistic 19 implied HN points 15 Mar 24
🕹 Technology Data Privacy Encryption AI Regulations
  1. Social media platforms like Facebook and Instagram are businesses designed to make money, so they may track your data for profit.
  2. Internet service providers (ISPs) like Comcast and Verizon bundle and sell your personal data, including sensitive information, potentially compromising your privacy.
  3. Protect your data by adjusting your privacy settings, using encryption methods like SSL, and being aware of how companies handle your information online.

Security Is Not An Encryption Problem

Security Is 1 HN point 17 Jul 24
🕹 Technology Cybersecurity Encryption Cloud Computing Data security Compliance
  1. Encryption is important, but it's often treated as a checkbox in cloud environments. Many people believe that encryption at rest and in transit fully secures their data, but this isn't always the case.
  2. In cloud settings, especially with services like AWS, anyone with the right permissions can access data regardless of whether it's encrypted at rest. This means encrypting data on the storage level may not offer as much protection as people think.
  3. Instead of focusing heavily on encryption, businesses should prioritize their access controls and permissions. Properly managing who can access what data is often a much more critical aspect of security.

29/8/2022: Real World Crypto Day tại Hà Nội

Thái | Hacker | Kỹ sư tin tặc 19 implied HN points 28 Aug 22
🔮 Crypto Cryptocurrency Blockchain Cybersecurity Encryption Privacy
  1. Real World Crypto Day in Hanoi on 29/8/2022 featured experts discussing important topics like lattice cryptography and security vulnerabilities in popular blockchains.
  2. The event covered a range of practical cryptography topics like key management, secure API design, and research on password storage and encryption techniques.
  3. Vietnam faces a shortage of security solution designers despite having skilled hackers, highlighting the importance of developing more comprehensive cybersecurity expertise.

Beyond the Padlock 🔒: Demystifying TLS - Part 1

Lost In Abstractions 1 HN point 11 Apr 24
🕹 Technology Security Encryption Networking
  1. TLS encryption involves various components like digital certificates, public key cryptography, symmetric key encryption, and cipher suites.
  2. A TLS handshake process includes agreeing on a cipher suite, server authentication, session key exchange, and establishing a secure connection.
  3. Version differences in TLS, such as TLS 1.2 and TLS 1.3, impact the handshake process, with features like forward secrecy in 1.2 and shorter handshakes in 1.3.

Interview with the ETSI Standards Organization That Created TETRA "Backdoor"

Zero Day 7 HN points 25 Jul 23
🕹 Technology Cybersecurity Communication Encryption Vulnerabilities
  1. TETRA radio communication technology used by police and critical infrastructure was found to have a backdoor, reducing encryption strength.
  2. Keeping encryption algorithms secret can hinder security, as seen in the TETRA case where a deliberate weakness was discovered.
  3. ETSI created new secret algorithms to address vulnerabilities, but the debate continues on whether secrecy is the best approach for security.

Secure Enclaves

Why Now 5 implied HN points 03 Apr 23
🕹 Technology Cybersecurity Encryption Cloud Computing Data security Hardware
  1. Security is a key area for innovation with a focus on problem-solving and wedging opportunities against incumbents
  2. Encrypting data in-use is a challenge in cybersecurity, with solutions like homomorphic encryption and secure enclaves emerging
  3. Secure Enclaves are highly-controlled environments that validate code execution cryptographically, offering a way to protect data in-use

alice and bob

Thái | Hacker | Kỹ sư tin tặc 19 implied HN points 23 Mar 08
🕹 Technology Crypto Encryption Cryptography Data security
  1. The post discusses the concept of encryption through a rap called "Alice and Bob". It highlights the importance of protecting messages and data.
  2. Various encryption techniques and algorithms like DES, Twofish, and Blowfish are mentioned in the rap, emphasizing the significance of secure communication.
  3. The rap also touches on the importance of random number generation, RSA encryption, and hashing functions like SHA-1 for maintaining data integrity and security.

RISC-V Vector Cryptography Extension (2/2)

Fprox’s Substack 0 implied HN points 20 Feb 23
🕹 Technology Cryptocurrency Hardware Security Software Encryption
  1. There are new instructions for hash functions like SHA-2 and SM3 in the RISC-V vector cryptography extension.
  2. The Zvkb extension includes instructions for bit manipulation like bit and byte reversal, vector rotations, and carry-less multiplication.
  3. The vector cryptography extensions have specific encodings within the opcode spaces, making them incompatible with certain future extensions.

How E2E Encryption works it magic? + Signal Protocol

The ZenMode 0 implied HN points 25 Feb 24
🕹 Technology Encryption Algorithms Messaging Cryptography Security
  1. Encryption is like a secret code that keeps your information safe and private using algorithms and keys.
  2. End-to-end encryption ensures that only the sender and recipient can access and read messages, offering a high level of security and privacy.
  3. Signal Protocol, with features like the Double Ratchet Algorithm, is widely used in popular messaging apps to provide strong security for user communications.

iOS and macOS should offer higher opt-in security

Kartick’s Blog 0 implied HN points 17 Mar 23
🕹 Technology Security Privacy Software Encryption
  1. iOS and macOS are already secure platforms, but not all security enhancements are suitable for all users.
  2. Apple should allow users to opt-in for higher security settings to enhance protection.
  3. Offering different levels of security options can cater to users with varying security needs and push the industry towards better security practices.

Don't Get Hacked! Top Security Essentials for Software Developers

Brain Bytes 0 implied HN points 04 Oct 23
🕹 Technology Security Encryption Data Protection Cybersecurity
  1. Security in software development is crucial to protect applications and users from sophisticated cyber-attacks.
  2. Implement HTTPS encryption to safeguard data transmitted between the user's browser and the server.
  3. Protect user data by employing hashing and encryption methods, such as bcrypt, to secure passwords, thus preventing unauthorized access.

The future of instant messaging

Venture Prose 0 implied HN points 15 Feb 23
🕹 Technology Messaging Privacy Features Application Encryption
  1. Consider managing instant messaging notifications to avoid being overwhelmed by distractions.
  2. Roze is a messaging app that prioritizes privacy, allowing users to have control over their conversations and notifications.
  3. Roze offers various features like end-to-end encryption, customizable settings, and intimate messaging spaces for specific groups of contacts.

The Intimacies of Mechanical Things

Cybernetic Forests 0 implied HN points 11 Dec 22
🎨 Art & Illustration Poetry Mixed Media Encryption Digital Art
  1. Bani Haykal's work explores human-machine intimacies through interfaces, poetry, and sound, using a mechanical keyboard to encrypt text into languages like Jawi and MIDI values, creating encoded poetry and sound work.
  2. The encryption process in Bani's work is influenced by historical instances like the crypto-Muslim practice during the Spanish Inquisition, showcasing how encryption embodies privacy and secrecy in different cultures.
  3. Bani's exploration of intimacy with devices like mechanical keyboards goes beyond physical proximity to consider transformation and blending, reflecting on how human-machine relationships impact us and our environments.

6 security advancements that Plang offers for the user

Ingig 0 implied HN points 13 Apr 24
🕹 Technology Security Programming Data Protection Authentication Encryption
  1. Plang has built-in security mechanisms, preventing common issues like SQL injection and XSS, allowing developers to focus more on functionality.
  2. Plang offers password-less authentication using ECC, enhancing security and providing a user-friendly login experience.
  3. Plang promotes privacy through local data storage, preventing large-scale breaches and unauthorized access to sensitive information.

Privacy

Ingig 0 implied HN points 29 Sep 23
🕹 Technology Privacy Data Storage Encryption Cloud Services Cybersecurity
  1. Storing data locally using PLang can enhance privacy by reducing the risk of data leaks or breaches.
  2. By storing apps like writing, Excel, PowerPoint, etc., on your computer, you can access your data offline, ensure full sync between devices, and encrypt data for security.
  3. PLang offers privacy benefits like encrypted data storage, anonymous registration, and protection against widespread hacking incidents.

Advisory: security issues in AWS KMS and AWS Encryption SDKs

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 25 Sep 20
🕹 Technology Security Encryption Vulnerabilities
  1. Security vulnerabilities in AWS KMS and AWS Encryption SDKs included information leakage, ciphertext forgery, and robustness issues.
  2. The vulnerabilities required the release of a new version, 2.0.0, for fixes, highlighting the importance of regularly updating software for security measures.
  3. The vulnerabilities exposed potential attacks related to ciphertext decryption, key replacement, and non-committing property issues, emphasizing the critical need for secure encryption practices.

The Internet of Broken Protocols: Showcase #8

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Oct 19
🕹 Technology Cryptography Encryption Security
  1. Cascading multiple encryption algorithms in a specific order, known as a cascade, may not always improve security as commonly thought.
  2. Analyzing a cascade of MAC and digital signature algorithms can reveal potential vulnerabilities in data protection methods.
  3. Using a combination of GMAC with a digital signature for file integrity may not guarantee security as intended, leading to potential security flaws.

Announcement: Android Jetpack Security library

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 10 May 19
🕹 Technology Android Security Development Encryption APIs
  1. The Android Jetpack Security library provides APIs to easily encrypt files and shared preferences, enhancing data security for Android apps.
  2. The library offers a drop-in replacement for SharedPreferences and Editor classes, automatically encrypting/decrypting data to strengthen app security.
  3. Leveraging Android Keystore, the library ensures decryption of files or preferences only after user authentication, adding an extra layer of security to sensitive data.

Sự cố Vietcombank, một góc nhìn kỹ thuật

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Aug 16
🕹 Technology Security Banking Phishing Encryption Communication
  1. Vietcombank encountered a security incident involving a customer's stolen funds, prompting technical analysis and identification of potential attack methods like phishing and exploiting vulnerabilities in the Smart OTP system.
  2. Smart OTP, a feature of Vietcombank, was found to have vulnerabilities that could be exploited by attackers to gain control over customer accounts, highlighting the importance of robust security protocols in online banking systems.
  3. The importance of independent security audits, continuous monitoring, and prompt responsiveness to security reports is crucial for financial institutions like Vietcombank to safeguard customer data and prevent unauthorized access.

The Internet of Broken Protocols: Showcase #4

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 13 Aug 16
🕹 Technology Internet Protocols Security Encryption
  1. The protocol described in the text for generating one-time passwords has vulnerabilities that can allow attackers to gain unauthorized access.
  2. Using insecure communication channels for transferring sensitive information, like one-time passwords, can lead to security flaws.
  3. The importance of forward secrecy in protocols to prevent attacks like the reflection attack highlighted in the text.